Security of Transactions in Bitcoin
In this chapter, we review and analyze transaction security in the Bitcoin protocol. Here, we distinguish between the security of standard payments (dubbed confirmed transactions) and of fast payments, where the exchange between the payment and the service is short, on the order of a few tens of seconds.
SECURITY OF CONFIRMED TRANSACTIONS
As mentioned in the previous chapter, transactions are constructed in Bitcoin as follows. The payer chooses the coins that he or she will pay with (the number of coins depends on the payment amount and the coin values owned by the payer), and includes, as inputs to the transaction, the hashes of the previous transactions in which each of the chosen coins was spent. The public key(s) (hence referencing the address(es) of the payee) are then used as outputs of the transaction. Note that the official Bitcoin client has supported transactions with multiple recipients since December 16, 2010. As shown in Figure 4.1, all inputs and outputs of the transaction are then signed using the private key of the payer; the resulting transaction (including the signature) is then broadcast in the P2P network.
Figure 4.1 A Bitcoin transaction with one input and one output.
When the payee receives the transaction, he or she checks the signatures and verifies the correctness of the transaction (see Section 4.1.1). If these verifications are successful, the payee waits for the network to confirm the transaction before redeeming the received coins. Transactions are confirmed in Bitcoin using blocks. Bitcoin blocks are computed by miners (peers that “mine” for Bitcoins) and implement a hash-based proof-of-work (PoW) concept. Miners verify the correctness of each transaction they receive from the network and subsequently include those correct transactions in their newly generated block. Since blocks implement a PoW, transactions that are included in a block are hard to revert; if six Bitcoin blocks build on a block including the payee's transaction, then the payee can redeem the coins received from the payer.
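The confirmation rule described above, as an added example that is not from the original chapter: a toy hash-based PoW chain in Python on which the payee checks that six valid blocks build on the block holding the transaction. The simplified header layout, the 12-bit difficulty, and all function names are assumptions made for illustration.

```python
import hashlib

DIFFICULTY_BITS = 12   # toy target (assumed); real Bitcoin difficulty is far higher
REQUIRED_BLOCKS = 6    # six blocks building on the payee's block, as in the text

def dsha256(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin uses for block and transaction ids."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def header(prev_hash, txids, nonce) -> bytes:
    # Simplified header (assumed): real Bitcoin commits to transactions via a Merkle root.
    return f"{prev_hash}|{','.join(txids)}|{nonce}".encode()

def meets_target(block_hash: bytes) -> bool:
    """PoW condition: the top DIFFICULTY_BITS bits of the hash are zero."""
    return int.from_bytes(block_hash, "big") >> (256 - DIFFICULTY_BITS) == 0

def mine(prev_hash, txids):
    """Search for a nonce whose header hash meets the PoW target."""
    nonce = 0
    while not meets_target(dsha256(header(prev_hash, txids, nonce))):
        nonce += 1
    return {"prev": prev_hash, "txids": list(txids), "nonce": nonce,
            "hash": dsha256(header(prev_hash, txids, nonce)).hex()}

def chain_is_valid(chain):
    """Every block must satisfy the PoW and link to its predecessor's hash."""
    prev = "00" * 32
    for b in chain:
        h = dsha256(header(b["prev"], b["txids"], b["nonce"]))
        if b["prev"] != prev or h.hex() != b["hash"] or not meets_target(h):
            return False
        prev = b["hash"]
    return True

def blocks_on_top(chain, txid):
    """Number of blocks built on the block containing txid (-1 if absent)."""
    for height, b in enumerate(chain):
        if txid in b["txids"]:
            return len(chain) - 1 - height
    return -1

def payee_can_redeem(chain, txid):
    return chain_is_valid(chain) and blocks_on_top(chain, txid) >= REQUIRED_BLOCKS

def build_chain(n_blocks, txid, at_height):
    """Constructed sample chain with txid included in the block at at_height."""
    chain, prev = [], "00" * 32
    for h in range(n_blocks):
        chain.append(mine(prev, [txid] if h == at_height else [f"coinbase-{h}"]))
        prev = chain[-1]["hash"]
    return chain
```

Altering a transaction in an already buried block changes that block's header hash, so `chain_is_valid` rejects the chain unless that block and every block built on it are mined again.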
Bitcoin relies on the synchronous communication assumption along with the hash-based PoW in order to ensure the security of transactions in the system. In what follows, we discuss both of these concepts in greater detail.